Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0b4be371 by Moritz Muehlenhoff at 2026-06-17T12:24:52+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,14 +1,16 @@
+CVE-2026-46655
+ NOT-FOR-US: virtio drivers for Windows
CVE-2026-0163
NOT-FOR-US: Intel vpu driver
NOTE: https://project-zero.issues.chromium.org/issues/493643407
CVE-2026-8317
REJECTED
CVE-2026-55706 (sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before
076e2b1 allo ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2026-54194 (Contributor PHP Object Injection in Fusion Builder <= 3.15.4
versions.)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-53876 (RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS
command inje ...)
- TODO: check
+ NOT-FOR-US: RadiX
CVE-2026-49113 (Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8
versions.)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-49080 (Unauthenticated SQL Injection in wpDataTables <= 7.3.6
versions.)
@@ -18,39 +20,39 @@ CVE-2026-49073 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2026-49057 (Unauthenticated Broken Access Control in JobSearch <= 3.2.7
versions.)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48929 (Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6,
<8.1.6, <8.0.7 ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2026-48869 (Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4
versions ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48797 (Backpropagate is a Python library for fine-tuning large
language model ...)
- TODO: check
+ NOT-FOR-US: Backpropagate
CVE-2026-48788 (Remark42 is a self-hosted comment engine for blogs, articles,
or any o ...)
- TODO: check
+ NOT-FOR-US: Remark42
CVE-2026-48783 (Postiz is an AI social media scheduling tool. Versions prior
to 2.21.8 ...)
- TODO: check
+ NOT-FOR-US: Postiz
CVE-2026-48782 (Pydantic AI is a Python agent framework for building
applications and ...)
- TODO: check
+ NOT-FOR-US: Pydantic AI
CVE-2026-48781 (Postiz is an AI social media scheduling tool. In versions
prior to 2.2 ...)
- TODO: check
+ NOT-FOR-US: Postiz
CVE-2026-48779 (ws is an open source WebSocket client and server for Node.js.
All vers ...)
TODO: check
CVE-2026-48777 (FileBrowser Quantum is a free, self-hosted, web-based file
manager. Ve ...)
- TODO: check
+ NOT-FOR-US: FileBrowser Quantum
CVE-2026-48776 (LangGraph Python SDK is used to connect to running LangGraph
API serve ...)
- TODO: check
+ NOT-FOR-US: LangGraph Python SDK
CVE-2026-48745 (Traccar Client is a GPS tracking mobile app for sending
location updat ...)
- TODO: check
+ NOT-FOR-US: Traccar
CVE-2026-48616 (Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6,
8.0.7, 7.13.9 ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2026-48294 (Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and
earlier are ...)
NOT-FOR-US: Adobe
CVE-2026-48055 (Streambert is a cross-platform Electron Desktop App to stream
and down ...)
- TODO: check
+ NOT-FOR-US: Streambert
CVE-2026-47750 (stable-diffusion.cpp is a pure C/C++ library for running
diffusion mod ...)
- TODO: check
+ NOT-FOR-US: stable-diffusion.cpp
CVE-2026-47747 (stable-diffusion.cpp is a pure C/C++ library for running
diffusion mod ...)
- TODO: check
+ NOT-FOR-US: stable-diffusion.cpp
CVE-2026-47277 (Runtipi is a personal homeserver orchestrator. In versions
4.9.1 throu ...)
- TODO: check
+ NOT-FOR-US: Runtipi
CVE-2026-46979 (Vulnerability in the PeopleSoft Enterprise CS Campus Community
product ...)
NOT-FOR-US: Oracle
CVE-2026-46978 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
@@ -600,9 +602,9 @@ CVE-2026-27395 (Unauthenticated Privilege Escalation in
Support Board < 3.8.9 ve
CVE-2026-25470 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-22313 (The device has a webserver that exposes a REST API
authenticated with ...)
- TODO: check
+ NOT-FOR-US: iSAP Smart Collector
CVE-2026-22312 (The device has a webserver that exposes a REST API
authenticated with ...)
- TODO: check
+ NOT-FOR-US: iSAP Smart Collector
CVE-2026-12469 (Uninitialized Use in GPU in Google Chrome on Android prior to
149.0.78 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -707,7 +709,7 @@ CVE-2026-12425 (Improper Neutralization of Input During Web
Page Generation (XSS
CVE-2026-12360 (The JetEngine plugin for WordPress is vulnerable to SQL
injection in a ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12348 (Address bar spoofing in Arc Search for Android allows a remote
attacke ...)
- TODO: check
+ NOT-FOR-US: Arc Search for Android
CVE-2026-12256 (Contributor PHP Object Injection in Avada <= 3.15.3 versions.)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-12117 (Improper access control in the social login connection
endpoint in De ...)
@@ -1065,7 +1067,7 @@ CVE-2026-24155 (NVIDIA NeMo Framework for all platforms
contains a code injectio
CVE-2026-12412
REJECTED
CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The
do_git_c ...)
- TODO: check
+ NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2026-12330 (Incorrect boundary conditions in the Internationalization
component. T ...)
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b4be3711f0f61e65010191687532bd0b807ee6b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b4be3711f0f61e65010191687532bd0b807ee6b
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
